PC for Firewall/Load Balancer

dragon · 01-01-2009, 15:47

I'm getting a 2nd Broadband connection

I can probably borrow a dual wan router to try (Draytek 2820) but if that doesn't balance the connections how I want it to (when I was playing with it seemed to send all traffic to the same destination over the same WAN even when multiple connections where used e.g Segmented HTTP/FTP, but it may be a configuration thing)

then I shall probably look into building a load balancer/firewall.

http://cgi.ebay.co.uk/Dell-Optiplex-...3A1|240%3A1318

Something like that would probably do it, as I believe it has 2 pci slots providing I can get some low profile NIC's (Most of them seem to be thesedays anyway it's finding the right brackets that would be more problematic)

Only thing that puts me off using a pc is the running costs.

I'd need to have the PC + 2 DSL modems + wireless AP running pretty much 24/7. Anyone know what that's likely to use in terms of power.

Also anyone care to comment on the spec of the machine, it would most likely be running pfsence.

Kymmy · 01-01-2009, 15:54

As a webserver I used to run a win2k3 server, IIS6 but also ran Kerio winroute on it. Winroute can do everything you want (firewall, NAT, load balancing including AV and even bandwidth and site restricting) but only needs a 1Ghz PC so ideal for that old motherboard everyone has in the cupboard

dragon · 01-01-2009, 16:05

Quote:

Originally Posted by Kymmy

As a webserver I used to run a win2k3 server, IIS6 but also ran Kerio winroute on it. Winroute can do everything you want (firewall, NAT, load balancing including AV and even bandwidth and site restricting) but only needs a 1Ghz PC so ideal for that old motherboard everyone has in the cupboard

The problem is the machine i have sitting around is either a PPC mac mini (Useless for this unless someone can find a PPC firewall distro + comapatable USB NIC's)

OR a Dual Althon MP 1600+ in a 4U case, which won't fit in the space I want to put it, could recase the board but the thing is a tad power hungry and not that stable either.

webcrawler2050 · 01-01-2009, 17:16

Well. the power, shouldnt be an issue too much..

Our dell R200 (Rackmount) run at about 0.6AMps constantly, they use just short of 1AMP on boot.

Personally, to make this work "properly" you are going to need 3 PC / Servers to load balance, well, to get the true benefits from a load balancer.

There is a much simpler way of doing this.. I think..

Use your DSL Modem, slap a router / switch on the end. Saves the exspense of two modems etc.

For a webserver, I would never, ever, ever, touch Windows, its simply pants and the new version of Server 2008 will only allow for 64bit..

Personally and this is personally, I would slap A centos Distro on the machine(s) with Apache, works far superior.

Just my 2 cents worth..

dragon · 01-01-2009, 17:36

Quote:

Originally Posted by webcrawler2050

Well. the power, shouldnt be an issue too much..

Our dell R200 (Rackmount) run at about 0.6AMps constantly, they use just short of 1AMP on boot.

Personally, to make this work "properly" you are going to need 3 PC / Servers to load balance, well, to get the true benefits from a load balancer.

There is a much simpler way of doing this.. I think..

Use your DSL Modem, slap a router / switch on the end. Saves the exspense of two modems etc.

For a webserver, I would never, ever, ever, touch Windows, its simply pants and the new version of Server 2008 will only allow for 64bit..

Personally and this is personally, I would slap A centos Distro on the machine(s) with Apache, works far superior.

Just my 2 cents worth..

Sorry i don't think I was clear enough with my orginal post, I'm not actually trying to load balance servers, I simply want to make use of 2 Internet connections so that on multithreaded apps I can boost my speeds and also if one of the lines drops sync failover to the other one

I simply used FTP/HTTP as an example type of traffic.

E.g I'd like when uploading with several connections between myself and the server for the Load balancer to relise that WAN1 has uploading at capacity and to also upload using WAN2.

What I found with the tests I was doing on the Draytek so far is that it once it had decided to use WAN2 for a specific desitnation becuase that was less busy but it seems that all traffic to that desitnation would then go over WAN2.

Mind you was only testing it with a small amount of traffic.

Jon T · 01-01-2009, 17:57

Have a look at: http://www.endian.com/en/community/

dragon · 01-01-2009, 18:23

Quote:

Originally Posted by Jon T

Have a look at: http://www.endian.com/en/community/

Hmm looks interesting, thanks for the URL.

Just need something to run it on now

Although I may have a play around with it in a VM

flamingeck · 14-01-2009, 17:25

Quote:

Originally Posted by webcrawler2050

Well. the power, shouldnt be an issue too much..

Our dell R200 (Rackmount) run at about 0.6AMps constantly, they use just short of 1AMP on boot.

Personally, to make this work "properly" you are going to need 3 PC / Servers to load balance, well, to get the true benefits from a load balancer.

There is a much simpler way of doing this.. I think..

Use your DSL Modem, slap a router / switch on the end. Saves the exspense of two modems etc.

For a webserver, I would never, ever, ever, touch Windows, its simply pants and the new version of Server 2008 will only allow for 64bit..

Personally and this is personally, I would slap A centos Distro on the machine(s) with Apache, works far superior.

Just my 2 cents worth..

I know it's only your opinion, but there is nothing wrong with IIS6 once it's correctly configured. As for 2008 only being 64bit is just utter rubbish.

To the OP, you'll prob find that there's some persistance on your MAC address that's keeping you to one WAN port.

I'd personnally look to do port specific load balancing, and enabling QoS.

Say one connection for port 80/443/53 etc... and another for the likes of downloading via torrent / webserve.

I don't think mutlitreaded applications will not benefit from dual wans anymore than a singletreaded application would. Threads are CPU related only.

dragon · 14-01-2009, 19:42

Quote:

Originally Posted by flamingeck

I know it's only your opinion, but there is nothing wrong with IIS6 once it's correctly configured. As for 2008 only being 64bit is just utter rubbish.

To the OP, you'll prob find that there's some persistance on your MAC address that's keeping you to one WAN port.

I'd personnally look to do port specific load balancing, and enabling QoS.

Say one connection for port 80/443/53 etc... and another for the likes of downloading via torrent / webserve.

I don't think mutlitreaded applications will not benefit from dual wans anymore than a singletreaded application would. Threads are CPU related only.

Some download managers refer to each connection/segment as a thread, what I actually ment by multithreaded applications is software that uses more than 1 connection between the client and the server not applications that can run multiple threads on the cpu

I now have a dell Gx240 p4 1.6 with 256mb ram and a 4GB hdd (I had a 4gb and a 40gb ide drives spare and thought i'd try the 4gb as PFsense doesnt need much space) PFsense

It's not fully setup atm so no idea how it performs (fitted the HDD and installed pfsense but haven't gotten around to actually installing it in the network yet, will prob have to wait till the weekend for that to happen.

Then a couple weeks more till I can setup the load balancing (Line goes in next week but haven't even orderd the Broadband on it yet)